In early September, Home Depot, the home improvement chain confirmed that its payment systems had been hacked. The full extent of the breach appears to be around 60 million records. It is the largest retail breach on record eclipsing Target's 40 million records last year, and naturally, litigators and regulators have started their investigations.

Something however is amiss. You look at the way reputation value metrics responded to the Home Depot data breach and you'd have to say they reek of complacency. There's hardly a blip. It seems that a data breach no longer has the ability to shock stakeholders, who by the look of things, no longer expect credit card information to remain secure. Thus, in a rather short span, it appears that cyber security risk has been downgraded from a reliable trigger of reputational value losses to a mere source of embarrassment, consternation, and operational loss. Dog bites man, yawn.

Post a Comment

Amongst all the chatter about reputation and intangibles, one would be tempted to relegate its importance to a category that includes inventorying angels atop pins. Security, one of the six pillars of reputation, is the most ephemeral. Yet in a flash, the concepts of reputation and security can become real and deadly.

Reputation is an expectation of behavior. Ronald Lee Haskell had a somewhat established reputation for violence involving family members. Haskell is now is charged with having executed six members of his ex-wife’s family. Read more.

Post a Comment

Earlier today, two articles appeared at Ad Age and CFO commenting on the widening impact of stakeholder attention to data privacy. The general message is that stakeholders are becoming resistant to releasing data for free. The specific message is that companies once trusted to "do the right thing" with those data, or at least not do evil, are experiencing reputation "issues" that are creating a drag on value.

From Ad Age: ...there's a growing body of thought and tools to protect, or at least impede, the collection of personal data. You can run plug-ins on your browser to throw random data at collectors; extensions that reveal who's tracking the sites you visit (and block them); and mobile apps to jam location identifiers. Expect more innovation on this front next year, along with more vocal advocacy in support of it. There's even big money somewhat inadvertently behind the issue: Microsoft has elected to make privacy a differentiator in its marketing against Google, at least for now.

From CFO.com: In its third quarter 2013 financial results, Google reported its eighth consecutive decline in price per click, the money it can charge advertisers. But what’s worrisome is that this eight percent year-over-year loss in pricing power for its core business, a symptom of reputational value loss, is associated with other signs of stakeholder disaffection.

Huygens commented on Google in March, months ago, suggesting a looming drag on value when the stock was soaring; do the reputation metrics bear out these predictions at this time?

The Consensiv reputation metrics, powered by Steel City Re's measures of reputational value, reflect stakeholder expectations and their economic effects.
Of the 136 firms in its sector, Internet Software and Services, Google has held on to the highest value of the metric, Reputation Premium. But as of late, there has been a bit of volatility. This appears a subtle dip of the Reputation Premium. More obvious is the corresponding indicator that Its stakeholders are slightly less confident that this premium evidenced by an onging rise in the Consensus Trend metric to 1.3%. The Consensus Benchmark,which is based on a one-year average standard deviation of the Reputation Premium, even at 9.1% indicates a less volatile course than most of its peers. This is what early cracks in the reputation veneer look like, and it helps explain why Google completely dropped off the December Consensiv 50 reputation value league table.

For more background on the Consensiv reputation controls, click here. To view the December 2013 reputational value league table, based on Consensiv's metrics, and available exclusively at CFO.com, click here. Last, to read more about how reputational value is linked to stakeholder expectations and enterprise value, read, Reputation Stock Price and You: Why the market rewards some companies and punishes others (Apress, 2012) (click here).

Comments

Post a Comment

Last Thursday, Target (TGT), the nation's second-largest discounter, acknowledged that data connected to about 40 million credit and debit card accounts was stolen as part of a breach that began over the Thanksgiving weekend (Read more). In a discussion on the security breach, reputation experts Nir Kossovsky and Jonathan Salem Baskin shared these thoughts with the Pittsburgh Post Gazette (Read more):

"Time will tell how significant a hit the incident will be to Target's reputation and sales. Bad events don't necessarily trigger a loss of reputation, said Nir Kossovsky, chief executive of Steel City Re, a Downtown-based insurer of corporate reputational value.
The impact will depend on whether customers believe the company took reasonable actions and whether they hold the hackers, rather than Target, culpable for the breach, he said.
"Bad news headlines sting, but it's only a reputation problem if people behave differently because of it," said Jonathan Salem Baskin, managing director at Consensiv, a reputation management firm in Chicago.

Do the metrics bear them out?

The Consensiv reputation metrics, powered by Steel City Re's measures of reputational value, reflect stakeholder expectations and their economic effects.
Of the 15 firms in its sector, Discount Stores, Target has generally hovered around the third quartile of the metric, Reputation Premium. Its most recent value, however, was the 57th percentile. Target's bullseye is a black eye of sorts - not necessarily permanently or even long-term, but the hit registered. Its stakeholders are slightly less confident that this premium is appropriate as evidence by a slight, almost imperceptible, rise in theConsensus Trend metric 1.3%. The Consensus Benchmark,which is based on a one-year average standard deviation of the Reputation Premium, indicates at 4.0% a far more stable course than its peers.

The data suggest that while shaken, stakeholders are probably going to forgive Target and move on. The company, in their minds, is good; it's the hackers that are miscreants.

For more background on the Consensiv reputation controls, click here. To view the November 2013 reputational value league table, based on Consensiv's metrics, and available exclusively at CFO.com, click here.

Post a Comment

The virtual world is no utopia. Even in the fantasy world of Woody Allen, as depicted in the film, Sleeper, where cloning is a reality, the only remnants of a blown-up leader -- his nose -- can be taken hostage. It is even worse in the cyberworld,.

When an incident does occur, added Glockner, companies need to be open about it, which he noted companies are getting better at, as states have enacted regulation calling for disclosures and as society continues to embrace technology. “As companies see themselves as no longer alone in addressing cybersecurity issues, I think they become more comfortable talking about it…and realizing that if it’s going to come out…maybe you’re better off getting ahead of the problem.”

According to Security Management, "These types of crime have become the most common complaints that the FBI received in 2012, with 289,874 complaints total for the year, averaging more than 24,000 complaints per month, according to an FBI press release announcing the 2012 Internet Crime Report issued in May 2013."

On June 9, a 29-year-old computer technician, Edward Snowden, revealed himself to be the source of news stories showing the extent of phone and Internet eavesdropping by the National Security Agency. Snowden leaked classified documents he loaded onto a thumb drive while working for Booz Allen Hamilton (BAH), a major contractor, at an NSA listening post in Hawaii.

It is an ongoing event not unlike the London Whale or dozens of other rogue employees in remote stations away from the head office who've made headlines these past few years through unsanctioned behaviors. Usually, the consequences have been a loss of money. Occasionally, the parent firm goes belly up; e.g., Barings.

Snowden's document release is a major security breach. It’s been suggested that the fallout may lead to significant changes in intelligence contracting. At the very least, Booz Allen might be expected to suffer financial damage. Its primary customer, the US Intelligence Community, has reason to develop trust issues.

No worries, writes Bloomberg/Businessweek. Expectations are that little will change. "…conversations with current and former employees of Booz Allen and U.S. intelligence officials suggest that these contractors aren’t going anywhere soon. Even if Snowden ends up costing his former employer business, the work will probably just go to its rivals...As much as contractors such as Booz Allen have come to rely on the federal government, the government relies on them even more."

The Steel City Re reputational value metrics affirm the qualitative assessment.
While the volatility of the RVM, a non-financial measure of reputational value, is up from the 6th percentile to the 25th percentile among the peer group of 173 commercial service firms, its direct measure of uncertainty and reputational risk, the current RVM volatility is still less than 2%. As Consensiv, the consultancy explains, this metric, also known as the ConsensusTrend, is "first and foremost an indicator of risk, as companies with CT measures in excess of 7% are on average at a statistically greater risk of an adverse equity market event (i.e., a market cap loss of 7.5% or more) in the going-forward 12 months. It also provides feedback on the effectiveness of recent operations and communications efforts." In short, no one is expecting any major changes.

In other matters, the astute observer will note that BAH's current CRR rank, an indication of relative reputational value, is only at the 38th percentile having been closer to the 60th percentile before the leak was tied to Booz Allen. The more careful observer will note that Booz's CRR dropped three days before the revelation on 9 June. Perhaps being in the spy business, its stakeholders also have alternative channels for obtaining news?

Comments

Post a Comment

As the saying goes, there are only two types of companies: those that have had operational failures, and those that will. On 18 October, RR Donnelley & Sons, the printing-services firm, released the 8K quarterly earnings report for Google, the internet services company, 4 hours earlier than expected. The markets closed with the S&P500 down 0.24%, RR Donnelley down 0.88%, and Google down 8.00%.

This is how the Wall Street Journal’s MarketBeat blog reported the story, excerpted. First, Google’s take on the matter:

Earlier this morning RR Donnelley, the financial printer, informed us that they had filed our draft 8K earnings statement without authorization. We have ceased trading on Nasdaq while we work to finalize the document. Once it’s finalized we will release our earnings, resume trading on NASDAQ and hold our earnings call as normal at 1:30 PM PT.

Now, Donnelly’s take:

We are fully engaged in an investigation to determine how this event took place and are pursuing our first obligation – which is to serve our valued customer.

The value of that service is now being questioned. As reported in the New York Times blog, Dealbook:

An executive at Webfilings, a company based in Ames, Iowa, that sells an application that allows companies to self-file, used last week’s events as a marketing opportunity, reminding customers that “this unnecessary mistake reinforces the need for public companies to completely control the release of their financial data,” as Mike Sellberg wrote on the Webfilings blog.

The reputational risk for Donnelley is security--one of the six pillars of reputational value. As Chuck Malloy from Intel told Dealbook, “We own the liability and the risk, and this allows us to maintain the integrity of the reporting process. If there’s a problem, it’s our problem.”

The reputational value metrics from Steel City Re do not indicate that the operational failure has matured into a reputational crisis (7% drop in market cap, massive media attention, regulatory approbrium, etc.), but the event is nevertheless impacting Donnelley's reputation adversely.
Looking first at the Vital Signs, (Column 2 Row 2 below), the current RVM volatility is only slightly higher than the historic volatility, both below the median at the 17th to 19th percentile. The company’s reputational rank is the 33rd percentile, ROE at the 13th percentile, and forecast stability is below the median. Basically, the quick view is that baseline expectations among stakeholders are low.

Indications that stakeholders as a group do not expect the incident to be critical, but recognize that no good will come out of it, are reflected in the three volatility measures (Column 1 Rows 2-4, and Column 2 Row 4). All show low levels of volatility for both CRR, a measure of reputation rank, and RVM, a non-financial measure of reputational value. The volatility, which is indifferent to overall market risk (VIX), is leading to a further loss in both reputational value and reputation ranking relative to peers. Add to that the company's drop in equity value, and you have near-universal concurrence among stakeholders: thumbs down.

Comments

Post a Comment

The accounting firm Eisner Amper published their third annual survey, Concerns About Risks Confronting Boards. Based on the opinion of 193 corporate directors, the data show that excluding financial risk, 66% believe that reputational risks are the most concerning currently. The top three reputational risks of 2012 were quality (30%), ethics/integrity (24%), and “public perception” (16%). Security was #4 at 12%. These three named risks, along with innovation, safety, and sustainability (8%), comprise the six major sources of reputational risk according to research published by the Society in the 2010 book, Mission: Intangible.

Comments

Post a Comment

A few weeks ago, two of the biggest names in technology found themselves grappling with huge and potentially embarrassing debacles. As the Economist newspaper (28 April) summarized in their colorful headline, Online reputations in the dirt, on 26 April, "Amazon’s finance chief, Thomas Szkutak, said the firm was still trying to get to the bottom of a glitch that caused numerous websites it hosts for other businesses to crash or run painfully slowly during the previous week. The same day, Sony of Japan revealed that names, addresses, passwords and possibly credit-card details of 77m accounts were stolen when hackers gained access to the network it runs in 60 countries for its PlayStation online-gaming system, as well as for Qriocity, a service offering music, films and television shows.”

Reputation, of course, is the amalgam of impressions held by stakeholders, and it is shaped by such intangibles as these six (6): the means by which a company fosters ethical conformance, innovates, assures quality; and assures safety, sustainability and security. Business processes, really. And reputation manifests in many ways. Importantly, it sets expectations.

Of these six reputation drivers, Amazon faced a quality issue while Sony faced a security issue. The reputational consequences to these two companies are explained, in part, by stakeholders’ preexisting expectations, the degree to which those expectations were impacted by events, and the nature of expectations set going forward. Related, in that like reputation, it is forward looking, is the equity market’s reaction to these two different reputational experiences.

The Amazon reputational experience following the quality event shows increased volatility these past few weeks that is actually less than historic reputational volatility. In other words, stakeholders as a group seem overall unimpressed over background levels. As such, the equity jump is less surprising than it would be otherwise. It reflects the fact that Amazon suffered a reputational even and was resilient (relative to its baseline).
The experience at Sony is quite different. Sony's baseline reputational volatility is almost an order of magnitude less than Amazon's, and its reputation ranking is near the top of the peer group. Its stakeholders believe they have a good sense of what drives the company, and the degree to which it is a state of control. Equity investors, however, don't appear to understand how such a major security event could occur in the setting of what reputationally would appear to be a company in control. Their response is panic, and in our interpretation, suggests that Sony is now undervalued by the equity markets.
Turning to crude metrics of fractional intangible asset value, Amazon is almost purely intangible and thus the high degree of volatility is not too surprising. There may be much upside, but -- excluding IP -- there is probably no floor to the downside
Sony, in contrast, has a surprisingly small intangible asset fraction that is far lower than the median of its peer group. The large book value fraction of the company's value speaks to the relative stability of its economic metrics, but the huge drop from 40 to 20% intangible, as with the drop in stock price, is unreasonable for a company with such iconic brand and technology prowess.

Perhaps it is the overlay of the background geophysical crises in Japan that is making Sony's equity investors especially jumpy?

Comments

Post a Comment

In prior postings, we quoted Alan Greespan, former Chairman of the Federal Reserve, asserting shortly after the financial markets collapsed that “In a market system based on trust, reputation has a significant economic value.”

Ab actu ad posse valet illatio. We now quote Robert Gates, Defense Secretary, affirming the point with respect to the most ethereal of the intangible assets, security, as described in an NPR story on the Afghan Wikileaks.

"It's amazing how much trust matters, whether it's with governments or with individuals around the world. And it seems to me that as a result of this massive breach of security we have considerable repair work to do in terms of rebuilding trust, because people are going to feel at risk."